[flashrom] flashrom accepts its command line parameters as a file name to read to
Stefan Tauner
stefan.tauner at student.tuwien.ac.at
Mon Aug 22 12:01:17 CEST 2011
On Thu, 18 Aug 2011 17:57:59 +0200
Idwer Vollering <vidwer at gmail.com> wrote:
> 2011/8/18 Christophe Poncy <cp at canaxis.org>:
> > Hi,
> >
>
> ...
>
> > # ./flashrom -r -L
>
> This shouldn't be allowed.
hm. actually i think this is normal behavior (for getopt-using
applications).
one arbitrary example:
grep [OPTIONS] [-e PATTERN | -f FILE] [FILE...]
# grep -e -f cli_classic.c
this uses "-f" as a search pattern to look for in cli_classic.c
i do agree though, that it might be unexpected, especially for windows
users. and even if it is expected behavior no one would miss it, if we
prohibit it.
> What about disallowing the creation of files that have a name listed
> in cli_classic.c's optstring[] and/or long_options[] ?
or prohibiting any option parameters to be started with "-" (this
includes all the file names, but also:
- chip names (not an issue so far)
- mainboard names (ditto)
- layout file names and region names (probably tolerable too)
- programmer parameters (also not an issue i presume)
--
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
More information about the flashrom
mailing list